WordPress.org

Make WordPress Core

Opened 6 months ago

Last modified 6 months ago

#50179 new defect (bug)

all HTTP methods allowed on /login

Reported by: ptasec Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: General Keywords: close reporter-feedback
Focuses: Cc:

Description

It seems that almost all http methods are allowed on /login, on all other resources anything other than GET, HEAD or POST will return a 405 response, but on /login every method returns a 200 response.

Change History (2)

#1 @knutsp
6 months ago

  • Component changed from General to REST API
  • Version 5.4.1 deleted

#2 @TimothyBlynJacobs
6 months ago

  • Component changed from REST API to General
  • Keywords close reporter-feedback added

Hi @ptasec,

Welcome to trac! Could you share more details about the request you are making? There is no /login route in WordPress Core, you'll only be redirected to wp-login.php.

As far as I'm aware, WordPress also only sends a 405 error in limited circumstances the REST API, XML-RPC, IXR and commenting. Just making a PUT request to the homepage of a stock WordPress install does not generate a 405 for me. Are you sure this isn't your web server sending the error?

Note: See TracTickets for help on using tickets.